SHA256: 1d3b5e70514db70e81e3cb0d0962885c834984a82c138f31d238b5e78aadc90f
File name: medcalcsetup64.exe
Detection ratio: 0 / 68
Analysis date: 2018-01-11 16:21:04 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware 20180111
AegisLab 20180111
AhnLab-V3 20180111
Alibaba 20180111
ALYac 20180111
Antiy-AVL 20180111
Arcabit 20180111
Avast 20180111
Avast-Mobile 20180111
AVG 20180111
Avira (no cloud) 20180111
AVware 20180103
Baidu 20180111
BitDefender 20180111
Bkav 20180111
CAT-QuickHeal 20180111
ClamAV 20180111
CMC 20180111
Comodo 20180111
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180111
Cyren 20180111
DrWeb 20180111
eGambit 20180111
Emsisoft 20180111
Endgame 20171130
ESET-NOD32 20180111
F-Prot 20180111
F-Secure 20180111
Fortinet 20180111
GData 20180111
Ikarus 20180111
Sophos ML 20170914
Jiangmin 20180111
K7AntiVirus 20180111
K7GW 20180111
Kaspersky 20180111
Kingsoft 20180111
Malwarebytes 20180111
MAX 20180111
McAfee 20180110
McAfee-GW-Edition 20180111
Microsoft 20180111
eScan 20180111
NANO-Antivirus 20180111
nProtect 20180111
Palo Alto Networks (Known Signatures) 20180111
Panda 20180111
Qihoo-360 20180111
Rising 20180111
SentinelOne (Static ML) 20171224
Sophos AV 20180111
SUPERAntiSpyware 20180111
Symantec 20180111
Symantec Mobile Insight 20180111
Tencent 20180111
TheHacker 20180108
TotalDefense 20180111
TrendMicro 20180111
TrendMicro-HouseCall 20180111
Trustlook 20180111
VBA32 20180111
VIPRE 20180111
ViRobot 20180111
Webroot 20180111
WhiteArmor 20180110
Yandex 20180111
Zillya 20180111
ZoneAlarm by Check Point 20180111
Zoner 20180111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) MedCalc Software
Product MedCalc
Original name medcalcsetup64.exe
Internal name medcalcsetup64
File version 12.6.1
Description MedCalc Statistical Software
Signature verification Signed file, verified signature
Signing date 3:59 PM 5/22/2013
Signers
[+] MedCalc Software bvba
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 3/8/2011
Valid to 12:59 AM 3/8/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint FA5806DE7556C6ACE8958FC1922551128DED1178
Serial number 00 8E 7F 85 6C 51 D0 AE 2C 21 F7 C0 DB 4D C5 28 EF
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-02 10:24:31
Entry Point 0x0002F8AE
Number of sections 5
PE sections
Overlays
MD5 476824bf672fe72d2289d7e7b8a759d5
File type data
Offset 437760
Size 17988096
Entropy 7.98
PE imports
DestroyPropertySheetPage
CreatePropertySheetPageW
PropertySheetW
GetDeviceCaps
DeleteDC
CreateFontIndirectW
SetBkMode
BitBlt
GetStockObject
GetObjectW
SelectObject
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
IsValidLocale
GetFileAttributesW
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetSystemTimeAsFileTime
InterlockedExchange
WriteFile
SetStdHandle
HeapReAlloc
GetStringTypeW
FreeLibrary
FormatMessageW
ConnectNamedPipe
GetExitCodeProcess
InitializeCriticalSection
OutputDebugStringW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetSystemTime
TlsGetValue
CopyFileW
GetUserDefaultLangID
LoadResource
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
GlobalMemoryStatus
SearchPathW
WriteConsoleA
GetVersion
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetWindowsDirectoryW
GetFileSize
OpenProcess
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
GetModuleFileNameW
FindNextFileW
ResetEvent
GetTempFileNameA
FindFirstFileW
TerminateProcess
DuplicateHandle
GlobalLock
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetShortPathNameW
CreateNamedPipeW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
VirtualFree
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
lstrcpynW
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FindResourceExW
CreateProcessA
IsValidCodePage
HeapCreate
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
VarUI4FromStr
OleLoadPicture
SHGetFolderPathW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
PathFileExistsW
MapWindowPoints
RedrawWindow
GetForegroundWindow
GetParent
EmptyClipboard
GetScrollRange
EndDialog
DestroyWindow
DefWindowProcW
ModifyMenuW
KillTimer
DestroyMenu
PostQuitMessage
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
SetFocus
GetSystemMetrics
EnableMenuItem
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
DialogBoxParamW
LoadIconW
SetPropW
TranslateMessage
GetWindow
PostMessageW
MessageBoxW
GetPropW
GetDC
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassA
SetClipboardData
IsWindowVisible
CloseClipboard
GetClientRect
SetWindowLongW
GetDlgItem
RemovePropW
SystemParametersInfoW
LoadImageW
DispatchMessageW
ScreenToClient
InvalidateRect
GetScrollPos
GetSubMenu
SetTimer
CallWindowProcW
TrackPopupMenu
LoadStringW
GetActiveWindow
FindWindowW
SetWindowTextW
GetWindowTextW
GetDesktopWindow
GetSystemMenu
GetWindowTextLengthW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
SetForegroundWindow
CharNextW
ExitWindowsEx
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CreateILockBytesOnHGlobal
Number of PE resources by type
RT_DIALOG 12
RT_ICON 12
RT_STRING 9
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 42
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 161280
ImageVersion 0.0
ProductName MedCalc
FileVersionNumber 12.6.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription MedCalc Statistical Software
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName medcalcsetup64.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 12.6.1
TimeStamp 2013:05:02 11:24:31+01:00
FileType Win32 EXE
PEType PE32
InternalName medcalcsetup64
ProductVersion 12.6.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright (C) MedCalc Software
MachineType Intel 386 or later, and compatibles
CompanyName MedCalc Software
CodeSize 275456
FileSubtype 0
ProductVersionNumber 12.6.1.0
EntryPoint 0x2f8ae
ObjectFileType Dynamic link library
File identification
MD5 0621f8fcfde7ae5645f5fb50f7ff9721
SHA1 11bb27278f88c2ae160946a5c7cfbbde0f094c3a
SHA256 1d3b5e70514db70e81e3cb0d0962885c834984a82c138f31d238b5e78aadc90f
ssdeep 393216:yQ38cnFQ7dUVBFouL7Jdj8p3dtMpWiHR6sV6DuQtFsdx46gNeTklA/iLWKdzSbqR:p38cnFQ7dUVoq7JdAp3DMHQduQtFsd+D
authentihash 7c62f1870f668dc72423577b292e86e7c498172f1b5ca25fbffd9f26d3a37ecc
imphash 10a1ea2233b019289b621fdf3132f3fe
File size 17.6 MB ( 18425856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID MS generic-sfx Cabinet File Unpacker (32/64bit MSCFU) (81.1%)
InstallShield setup (9.9%)
Win64 Executable (generic) (6.3%)
Win32 Executable (generic) (1.0%)
OS/2 Executable (generic) (0.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-06-11 10:18:27 UTC ( 5 years, 11 months ago )
Last submission 2013-06-11 10:18:27 UTC ( 5 years, 11 months ago )
File names medcalcsetup64.exe
medcalcsetup64
1D3B5E70514DB70E81E3CB0D0962885C834984A82C138F31D238B5E78AADC90F
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications